CyberSecurity KPls CyberSecurity Key Performance Indicators - KPIS a Prepared by : iG yA Ve JAN- 2024ALA’ ZAYADEEN see KEY Fea INDICATORS (KPIS) A maken) BUILDING AND pec STRONG CYBERSECU une OPE RATIONS. . Se METRICS2. ASSET INVENTORY COVERAG A measure for the percentage of IT assets " | that we have accurate information about (type. ee os, users, etc. ) ——— —— BENEFITS => I's | ¢ Improving the process of discovering security vulnerabilities ¢ Reducing the number of security incidents. ¢ Reducing risks and hacks MORE THAN 95% Building IT asset management strategy Vw Y YY. Monitoring DNS to check for new added Ye assets. TT assets discovery solutions. ularly scan the network using IT assets e Re ¥Y diceateny solutions. [Mes Pago deen2. SECURITY CONTROLS COVERAG A measure for the percentage of IT assets ‘covered by security Controls required by the company (EDR, IAM, ZTNA, DLP, Backup) BENEFITS ==}. ¢ Improving the process of discovering security vulnerabilities ¢ Reducing the number of security incidents. ¢ Reducing risks and hacks MORE THAN 90% Aree aoe — ne > Building TT asset management strategy © Classification of information assets Regularly scan the network using IT assets LY discovery solutions. Lv3. VULNERABILITY ASSESSMENT COVERAG aA measure “for the ‘percentage “of IT assets. covered by security vulnerability scanning sts oo BENEFITS =} ¢ Improving the process of discovering security vulnerabilities ¢ Reducing the number of security incidents. ¢ Reducing risks and hacks MORE THAN 85% Seed sad x QY> Building VM. strategy and line it to IT assets management. > 7 Classification of information assets Conducting VM scanning regularly . LW Jacye Seen KRG4. MEAN TIME TO REMIDIATE ( MTTR) Am of the average time (in days) to, remediate security vulnerabilities ————— ————————— ———— =—— BENEFITS Increased difficulty and probability of penetrating vulnerabilities. * Enhancing compliance with regulations. ¢ Reduce risks and hacks. onmsey Ca r 100 LESS THAN 1 d I WN ays a == SHOULD DO - YY Building a strategy for managing vulnerabilities and link it with asset management ° Remediating security vulnerabilities as soon as possible © Performing Vulnerability assessment regularly RKKKS © Enhancing the Patch management process LW Jacye Seen <&a measure for the number of security incidents reported by employees ——— =——__ BENEFITS ¢ Reducing downtime due to security incidents * Quickly detection and response to incidents ¢ Raising awareness among employees INCREASE THE NUMBER OF ACCIDENTS REPORTED REPORTED ° Concucting = Security Awareness for yy Employees * Using technology and automating the reporting process ‘acks. se * Conducting tests simulating phishing att [Mes Pago deen 5. NUMBER OF CYBERSECURITY INCIDENTS S¢6. DEVICES HAVE LATEST SECURITY PATCHES A measure of the number of IT assets on™ ‘which the latest security updates have been —— peNEFITS —= « Promote compliance with regulatory requirements. » Reducing the number of assets that cause security incidents. « Reducing security vulnerabilities on devices MORE THAN 90% VY ° Building an ary asset criemmcement strategy strategy - [TAM Strategy Implementing security patch management solutions Nw 7. LY Y- Deploy IT Asset Discovery tools iY. yy Wi Follow news and developments related to security updates7. DEVICES RUNNING OUTDATED OPERATING SYSTEMS OR SOFTWAREE A measure of the percentage of IT assets ‘that contain out dated or expired programs ‘and operating systems : ———— BENEFITS = « Identify assets that contain outdated software Building a correct basis for assessing risks and gaps « Updating all devices and reducing vulnerabilities LESSTHAN 5% - SHOULD DO ¢ Building an IT asset management strategy ® strategy - LTAM Strategy * Scan all devices and the software on them “> periodically * Uninstall or update all old programs. [Mes Pago deen R&S KGSA measure for the number or percentage of phishing emails that were opened by users ——— ————— ————————— ———— BENEFITS ==}. e Promote compliance with legislative and regulatory requirements ¢ Reducing the number of security incidents. © Raising awareness of information security. LESSTHAN 3% - SHOULD DO © Build Comprehensive awareness strategy ¢ Train /Educate users to identify phishing emails © Conduct phishing tests periodically and follow up on the results [Mes Pago deen 8. PHISHING EMAILS OPENED BY END-USERS RERKEGE